Nice idea. I'll give it a try. Here also is something I came up with that others may find useful.

I am building a shopping cart for a retail business. )Shopping carts are not for the faint of heart.) The biggest problem I had to fix was what was showing up in the browser's address bar using a querystring. Because useful information was showing up it might allow a hacker into places he or she should not go. And, the information showing up in the browser may compromise the paying visitor. To get around what was in the address bar I created an intermediate program that used SetVar then called the page with a redirect. Once on the new page I did a Getvar to get the vars I needed. Once the vars were placed in a private var I removed the session var. The intermediate program also called a redirect program to encode the path beyond the domain. This worked great and the paying visitor is protected. Here is an example:

PRODUCTLIST.FWX(user chooses a product to add to cart)

*Note: this url passes two parameters, item id and the name of the script where I intend to go.

<a href="securecart.fwx?itemID=<%=(IID)%>&page=tocart.fwx">

SECURECART.FWX

*Line 1 checks to make sure that the request comes from my domain and not a hacker

IF LEFT(Request.ServerVariables('HTTP_REFERER'),23) = "http://www.mydomain.com" * The next two lines gets the querystring parameters passed by securecart.fwx

lcitemID=ALLTRIM(Request.QueryString("itemID"))

lcpage=ALLTRIM(Request.QueryString("page"))

*The next two lines sets the session vars Session.SetVar('itemID',lcitemD) Session.SetVar('page',lcpage)

* The next line calls the intended page using redirect.fwx that encodes the page name

And, if the browser is refreshed I'm not adding another instance of the last product item last added to the cart. BTW, here is the code for redirect.fwx that encrypts the called script name. I think all of this also keeps hackers from getting to my scripts and intercepting private information.